[nsp-sec] Yahoo phising account
Serge Droz
serge.droz at switch.ch
Thu May 22 13:35:51 EDT 2008
Hi Donald,
yes, the mail looked exactly like this, and is, in fact, targeting a
university here. It seems to originate from drake.edu
Cheers
Serge
Smith, Donald wrote:
> Serge did your phishing look something like this:
>> Dear User
>>
>> This mail is to notify all users that the site will be undergoing
>> upgrade in a couple of days from now.
>>
>> Hence, as a user of our site, you are required to send us your email
>> account details to enable us acknowledge account activeness
>>
>> Furthermore, be informed that we will be deleting all mail account
>> that is not active so as to create more space for new users.
>>
>> Therefore you are advice to send us your mail account details As
>> requested below
>>
>> *User name:.........
>> *Password:..............
>> *Date of birth:................
>> *Security question:.............
>> *Security answer:......................
>>
>> All users are advise to complete this update.
>> Regards
>>
>> Mark Anderson
>> Tech/Maintenance officer
>
> We saw this related to universities starting about the beginning of the
> year but it has moved to "targeting" ISPs now.
> Notice they are not even personalizing the content just the from line is
> "personalized".
>
>
>
> Security through obscurity WORKS against some worms and ssh attacks:)
> Donald.Smith at qwest.com giac
>
>> -----Original Message-----
>> From: nsp-security-bounces at puck.nether.net
>> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Serge Droz
>> Sent: Thursday, May 22, 2008 10:02 AM
>> To: nsp-security NSP
>> Subject: [nsp-sec] Yahoo phising account
>>
>> ----------- nsp-security Confidential --------
>>
>> Hello Yahoo,
>>
>> we have a phishing attack here, requiring people to submit stuff to
>>
>> Reply-To: account.desk at y7mail.com
>>
>> Could someone from yahoo please suspend this account.
>> We would be interested in the 'usernames' which have been compromised.
>>
>> Thanks for any help
>>
>> Serge
>>
>>
>>
>>
>> --
>> SWITCH
>> Serving Swiss Universities
>> --------------------------
>> Serge Droz, SWITCH-CERT
>> Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
>> phone +41 44 268 15 63, fax +41 44 268 15 78
>> serge.droz at switch.ch, http://www.switch.ch
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the
>> nsp-security
>> community. Confidentiality is essential for effective
>> Internet security counter-measures.
>> _______________________________________________
>>
>>
>
>
> This communication is the property of Qwest and may contain confidential or
> privileged information. Unauthorized use of this communication is strictly
> prohibited and may be unlawful. If you have received this communication
> in error, please immediately notify the sender by reply e-mail and destroy
> all copies of the communication and any attachments.
--
SWITCH
Serving Swiss Universities
--------------------------
Serge Droz, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz at switch.ch, http://www.switch.ch
More information about the nsp-security
mailing list